LastPass, no. Just because. But also because they are based right next to the NSA, CIA, and others. Not comforting, as they are 'neighborhood boys' to the other boys. Comfort level = Zero. NOT saying this happens, but false flag breaches actually do happen, and honeypot products are a reality. Besides: http://news.cnet.com/8301-1009_3-20060464-83.html

HTTPS Everywhere - agreed.

Everything else? All of them replaced by a single, faster, more secure application called "Adguard". Which integrates multiple databases, WOT, Malware Filtration into one package at the port level. (Port 80, 443).

#2&3 can be replaced with the better HTTP Switchboard.
LastPass to me is fine. At least, it is more secure to use LastPass for creating and using secure passwords rather than using nothing and maybe just remembering a unique password "password" for all logins.

Actually the best password system is to develop your own easy to understand methodology.

For example ,,,,,,,,,Wilder$,,,,,,,, is far more secure than iKA8ZJnm. Due to the fact you have length on your side, any brute force still has to run through the gamut, and it's easy as hell to remember. So develop a system like this, and you don't even need to use a password manager. Have a set of variations, such as replacing ,,,, with $$$$, or cycling through your old pet names with symbols where relevant.

$$$$$$$$D0G$$$$$$$
,,,,,,,,,,,,,Trix1e,,,,,,,,

You get the idea. I used to worry about passwords, and encrypt them, and go to extremes. Now I use common sense systems that are very long, and easy to remember. If you want to get even more secure, develop your own pseudo language. For example if you use a pet name, pet names always get commas. If you use names of streets, those always get dollar signs. Remembering that is just as easy, and you mix things up even more - while having no written/digital record of any of it, recovery is easy because it's a matter of knowing which name you used, then the symbol is linked to that category of name.

1) YOU control your method.
2) YOU control your passwords. (not lastpass, or the cloud)
3) You don't need a recovery method, it's in your brain, and without a recovery method you cannot be MTM recovered or PWR intercepted.
4) Legally, with no written record, there can be made a claim you 'forgot' your encryption password, should you be compelled to remember it. <grin>

> For example ,,,,,,,,,Wilder$,,,,,,,, is far more secure than iKA8ZJnm.

Well, not really. The 1st password is 45 bits, the 2nd is 58 bits, so it should be more secure.
I still believe any password manager is better than no password manager at all. Then we can discuss if we can trust a cloud password mgr like LastPass. I do (with security set-up at best, TFA, long random master password 145 bits, alerts for any change, etc.).
But it's my opinion.

Being worried that a company is stationed in MD makes little sense to me. If you want to get work in computer security you're basically going to be in one of three places in the US, and the number one place is MD. (For CS it's NY, MD, LA - for security you tack on Colorado to that, potentially).

LastPass has an option to use servers in Europe as well.

Let's say your password is:
,,,,,$mithJ@mes,,,,,

Is that easy to remember? What if I have 50 websites I log into (I easily do) - will I remember 50 different passwords like the above?

If they're all following a single algorithm and *one of them* leaks, an attacker can attempt to decipher that algorithm. Haveibeenpwned.com shows how many millions of leaks there are.

LastPass guarantees you a random password for every site you visit. That's pretty big. It's not so much about a password's keyspace as it is about it being unique from all other passwords.

> For example ,,,,,,,,,Wilder$,,,,,,,, is far more secure than iKA8ZJnm. Due to the fact you have length on your side, any brute force still has to run through the gamut, and it's easy as hell to remember. So develop a system like this, and you don't even need to use a password manager. Have a set of variations, such as replacing ,,,, with $$$$, or cycling through your old pet names with symbols where relevant.
>
> $$$$$$$$D0G$$$$$$$
> ,,,,,,,,,,,,,Trix1e,,,,,,,,

But an attacker needn't resort to bruteforcing. The last two passwords have a definite pattern, and attackers can (and do) take advantage of patterns.

ENTROPY: If you are mathematically inclined, or if you have some security knowledge and training, you may be familiar with the idea of the “entropy” or the randomness and unpredictability of data. If so, you'll have noticed that the first, stronger password has much less entropy than the second (weaker) password. Virtually everyone has always believed or been told that passwords derived their strength from having “high entropy”. But as we see now, when the only available attack is guessing, that long-standing common wisdom . . . is . . . not . . . correct!

If you use some kind of algorithm to create unique passwords for each login, your passwords are not safe. If one password gets compromised, all others can be guessed, because the attacker will probably guess the algorithm. It's like a domino effect... Entropy and length of the password don't matter, as brute forcing won't be necessary.
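Added example, not part of any post in this thread: a small Python estimator for the point made in the replies above, comparing a blind brute-force estimate with what is left once the padding scheme is known. The scoring model (`max_pad`, `pad_symbols`, scoring the core as random) is an assumption made for this illustration, and the run lengths in the samples approximate the passwords quoted in the thread.

```python
import math
import re

# Approximate alphabet size per character class (95 printable ASCII characters).
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
# One repeated symbol, a core that does not start with it, the same symbol repeated.
PADDED = re.compile(r"(([^a-zA-Z0-9])\2*)((?!\2).+?)(\2+)", re.S)

def naive_bits(pw):
    """Blind brute-force estimate: length * log2(alphabet of the classes used)."""
    alphabet = sum(size for rx, size in CLASSES if re.search(rx, pw))
    return len(pw) * math.log2(alphabet) if pw else 0.0

def split_padding(pw):
    """Return (pad_char, left_len, core, right_len), or None if not padded."""
    m = PADDED.fullmatch(pw)
    if not m:
        return None
    return m.group(2), len(m.group(1)), m.group(3), len(m.group(4))

def scheme_bits(pw, max_pad=16, pad_symbols=33):
    """Estimate once the padding scheme is known (assumed model, not a standard).

    The guesser then only needs the pad symbol, the two run lengths (each
    assumed <= max_pad) and the core. The core is scored as if random, so a
    real name or word scores lower than this.
    """
    parts = split_padding(pw)
    if parts is None:
        return naive_bits(pw)  # no padding pattern: nothing to discount
    _, _, core, _ = parts
    return math.log2(pad_symbols) + 2 * math.log2(max_pad) + naive_bits(core)

if __name__ == "__main__":
    # Constructed samples modelled on the passwords quoted in the thread.
    samples = ["iKA8ZJnm", "$" * 8 + "D0G" + "$" * 7, "," * 9 + "Wilder$" + "," * 8]
    for pw in samples:
        print(f"{pw:26} naive={naive_bits(pw):6.1f}  scheme-known={scheme_bits(pw):6.1f}")
```

Under this model the padding adds about 13 bits rather than the 90 or more that a length-based count credits it with, so the strength that remains is almost entirely that of the core.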

No, aigle, Chrome is not very secure by itself. It needs script blockers like gorhill's HTTP Switchboard. At the moment it is my main security in Chrome, though I have others in general for my internet activities.

Notscripts is no longer developed nor available in the Chrome Web Store. You should switch to ScriptSafe which seems to be partially based on Notscripts. However, HTTP Switchboard is considerably superior.

> LastPass is a better choice than storing passwords in the browser, but it has been hacked at least 3 times, so it is better to use an offline password manager like KeePass.

Can you document that LastPass has been hacked three times and what exactly it means? I heard some time ago that there was a breach, but that no user data was lost/compromised. The product was hardened further afterward as well.

> LastPass is a better choice than storing passwords in the browser, but it has been hacked at least 3 times,

3 times? Do you have any evidence for that claim?

To my knowledge, there was one hacking attempt in 2011 where it was not clear if any data was stolen. (And your data - if affected - was not at risk if you had a good master password.) As a consequence LastPass has implemented several security improvements.

Considering you need a whitelist for specific URLs to prevent website breakage, it's extremely difficult to measure "blocking power". What you think is an advantage in one addon might actually be a disadvantage (it breaks something) and has been whitelisted in EasyList.

It's extremely unlikely anything has "better blocking power" than EasyList, excluding the few rare situations where something new hasn't been added to the list yet.

EasyList + EasyPrivacy are definitely excellent. But when it comes to 3rd party requests, HTTPSB with out-of-the-box settings blocks significantly more by definition. However, the Adblock filter lists are very good supplements for cases like

> HTTPSB with out-of-the-box settings blocks significantly more by definition

You missed my point or ignored it. This statement doesn't mean it's better, nor is it necessarily a good thing.

I could make a list that blocks half the internet and claim it has better "blocking power" than anything else. The issue would be that half the internet is broken.

Whitelists are a requirement and prevent any statistical measure of "blocking power" being accurate unless you want to spend hours analysing every single blocked entry. You would probably also end up referencing the EasyList whitelist anyway to do such a test.

At the end of the day EasyList has been worked on for years and is constantly updated. Think twice before you decide that some new addon is somehow better than all those years of work just because it's blocking more.